The problem is due to a file called WScript.exe which is a program that runs in the background silently modifying the title of the IE window everytime you open it. It checks for the title of the program that is currently running and if its Internet Explorer then it adds the name “Dipak Bhattrai” to the the title before displaying it.

1. Task Manager – Process – Kill Wscript.exe if it is running
2. Double click My computer. Click on Tools Menu -> Folder options -> View
3. If you are unable to view to do step 2. Then its due to another virus and here is the fix for that.
   • If you donot get the Show All Options ( maybe a because of this or another virus) follow the following step:
     Start -> Run -> Regedit (You must have admin rights to execute this command )
     HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion -> Explorer -> Advanced -> Folder -> Hidden -> SHOWALL

     Here check the registry value named ‘CheckedValue’ (REG_DWORD) here right click on it and select ‘Modify’ then set value to 1 and click ‘ok’. Close Registry Editor and check the Folder Option to verify this solution. If it is not there create it.

4. Now Navigate to C:\Windows\System32\. Look for the file named VirusGuard.vbs ( This is the Culprit )
5. Delete the file VirusGuard.vbs (Not just sending it to the recycle bin. Shift + Delete)
6. Use HighJackThis to locate the registry entries and fix it ( Remove Invalid entires to IE )
7. Highjackthis can be downloaded here
8. Reboot your system
9. some process will try to run VirusGuard.vbs script and gives you a error message
10. Start IE and just confirm it has removed the bloody name “Dipak bhattarai”
11. You might see a hyphen on ur IE. Fix it back to normal (“Windows Internet Explorer”) by using TrueSword.exe

If you want to know the email address of the guy who wrote this script in the first place leave your email in the comment. I promise that I’ll reply back to you with his email address.

Thanks to Harsh and Rama for the fix.

This is one annyoing spyware. Its relatively harmless but gets on your nerve.

Step 1

• Click on start -> Run
• Key in “regedit”
• Click on menu item “Edit” and on “Find”
• In the “Find What textbox” key in “qwdxrego.exe” and click on “Find Next” button
• Delete the entries that show up.
• Repeat the procedure but this time search for a file called “ssysyq2r.exe” and delete any entries that show up.

Step 1-6 cleans up the registry. Now to delete the actual files.

• Open explorer and navigate to c:\winnt\system32 or c:\windows\system32
• Click on the search button and search for “qwdxrego.exe”. Delete any files that show up in the search results.
• Repeat step 8, this time search for “ssysyq2r.exe”. Delete any files that show up.
• You’ll find a shortcut labeled “Zeno” (or zeno.lnk, including the extension) in your startup directory. Delete that too.
• Restart your computer.